Vulnerability Details CVE-2026-28373
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 33.5%
CVSS Severity
CVSS v3 Score 9.6
References
Products affected by CVE-2026-28373
-
cpe:2.3:a:stackfield:stackfield:*
-
cpe:2.3:o:apple:macos:-
-
cpe:2.3:o:microsoft:windows:-